RPA Project Files (XAML) Encryption

Is it possible to encrypt the content of the project files, especially the .xaml files? I have tried to edit the XAMLs via Notepad and it shows an XML tree which can be easily modified by someone with access.

One of my clients, which is in banking, mentioned this re: security and risk policies, and I am wondering how I can comply :frowning:

Hi @Emman_Pelayo,
Please note that if you are using Orchestrator, all projects are packed into a .nupkg package. Additionally, the connection between Orchestrator and Robot is secured via SSL and paired with a machine key. So there’s no possible way to change anything.

Keeping/running projects from Studio as raw xaml files in business is not a perfect approach.

5 Likes

Sounds like a reasonable idea :+1:

1 Like

Hello Pablito,

We are not using Orchestrator yet. Users also run attended robots (with license) via the UiRobot tray.

Well, in my scenario, we have .nupkg files under ProgramData\UiPath\Packages; downloading them from the UiRobot tray produces uncompressed project files, which have the .XAMLs, in .nuget\packages. (Is orchestratorXrobot not designed like this?)

As stated above, we are running on a licensed attended robot via the UiRobot tray. Actually, another concern is the installation of UiPath Studio/UiRobot for Robot users, which is also related to the security policies: since XAMLs are accessible, users may try to open them in UiStudio and also have the power to modify them. (Well, this may be a different thread :grin: )

@Emman_Pelayo,
Have you seen this:

You can sign your packages to secure each process from any change. As you see, at each step the package is checked for any case of discrepancy:


Edit:
Users who are not admins shouldn’t be able to enter paths which are not their own files. You can give them Read permission but not Write.

5 Likes

Thanks, Pablito, for this. This may be one of my options, since certificates have private keys.

However, I tried to export a self-signed cert and used it during publishing, but to no avail.
I keep receiving a chain validation failed error and a NU3018: The certificate is not valid for the requested usage. in the logs.

I have modified the nuget.config too by adding the author.

I’ve checked here in the community, but there is no discussion on this yet. :frowning:

Edit: Should this work, the concern is that the user may still edit the current published xaml file using Notepad, am I wrong? This only prevents the next untrusted publish or updates, or do I miss something?

Best regards

Yes, for sure the user can edit xaml with Notepad. But from my experience working on huge environments, users should have access to their profile (read) and their files (read/write) only. They should not be able to see the C drive or have access to files not related to them. The proper GPO settings are the key for the business solution; that’s why I’m concerned about why they even have the possibility to edit xaml in your case.
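The point made in the two posts above (signing validates the .nupkg, while the extracted XAML stays editable) can be checked by comparing the extracted workflow files with the package they came from, since a .nupkg is a ZIP archive. This is an added example, not code from the thread or from UiPath; the package name, the lib/net45 layout and the file contents are constructed sample data.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path


def audit_extracted_package(nupkg, extracted_dir, suffixes=(".xaml",)):
    """Compare workflow files in a .nupkg (a ZIP archive) with their extracted copies."""
    with zipfile.ZipFile(nupkg) as pkg:
        expected = {
            info.filename: hashlib.sha256(pkg.read(info)).hexdigest()
            for info in pkg.infolist()
            if info.filename.lower().endswith(suffixes)
        }
    root = Path(extracted_dir)
    on_disk = {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file() and p.name.lower().endswith(suffixes)
    }
    return {
        "modified": sorted(n for n in expected if n in on_disk and on_disk[n] != expected[n]),
        "missing": sorted(set(expected) - set(on_disk)),
        "extra": sorted(set(on_disk) - set(expected)),
    }


def demo():
    """Constructed sample: build a package, extract it, then edit it as a local user could."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        nupkg = tmp / "Demo.Process.1.0.0.nupkg"  # hypothetical package name
        with zipfile.ZipFile(nupkg, "w") as z:
            z.writestr("lib/net45/Main.xaml", "<Activity><Sequence DisplayName='Pay' /></Activity>")
            z.writestr("lib/net45/project.json", '{"name": "Demo.Process"}')
        extracted = tmp / "extracted"
        with zipfile.ZipFile(nupkg) as z:
            z.extractall(extracted)
        # Simulate an edit made after extraction and a workflow file dropped in later.
        (extracted / "lib/net45/Main.xaml").write_text("<Activity><Sequence DisplayName='Changed' /></Activity>")
        (extracted / "lib/net45/Extra.xaml").write_text("<Activity />")
        return audit_extracted_package(nupkg, extracted)


if __name__ == "__main__":
    print(demo())
```

Run it from an account the robot users do not control and against a copy of the .nupkg they cannot write to, otherwise the baseline can be replaced along with the XAML.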

Hi Pablito,

Published files, after decompressing the nupkg files, are local under C:\user.nuget\, right? Do you mean to change the folder security settings of the current user to read-only?

I believe that the installation of UiPath Community is per user, which means that even if we change these security settings, the user can also revert them. We applied an attended robot license for the user, FYI.

Hi @Emman_Pelayo - You need to have admin rights to open the files from the .nuget folder.

2 Likes

Our setup is that we deploy project files using the user account. RPA in this company is driven by the Business Process Management Dept, not by IT. So we are the ones who deploy, since we developed the RPA solutions. Administrator rights are managed by the IT Dept. :frowning:

@Emman_Pelayo - I am not sure if I got you correctly, but what I am trying to say is: the extracted xaml files are secure and can be opened only in admin mode. If the local users who are running the processes do not have admin rights, they won't be able to see the code.
If you have noticed some different behavior, then please help us with the Robot version.

Hi @mahesh.kumar

It seems that in our setup, local users have admin rights. Do you mean that the setup should be that the administrator publishes the robots/packages in the nuget folder and sets it to read-only security for the local user? So the local user will just download these via UiRobot?

The solution is to use Orchestrator. Try the cloud one.

1 Like

Hi @Pablito,

The signing of the package depends on the nuget.config setup to work in tandem. Otherwise, a third party who obtains the nupkg file is able to run it on a UiPath robot that does not enforce signed packages only.